DNS poisoning?

raylward102

I've two PCs on the network; 1 is Windows 7, the other XP. The network also has a couple of wifi clients (phones and laptops).
Anyways; I've had it a couple times now, where the home page (google.ca) loads to an Adobe update page that insists on having me download an exe for update. This page URL is showing Google.
I've scoured the PC and could not find anything; same results with PC 2 (XP).
I did solve this by ipconfig /flushdns on both PCs and rebooting the router.
Everything works again?
Then a couple of days later, this problem returns.
Is my DNS being poisoned, and how? Any ideas? I'm pretty certain there are no viruses on both of the systems I'm using, and the router is locked down with passwords.
 

My Computer

Computer Manufacturer/Model Number
Compaq
OS
windows7 home premium

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
already ran malwarebytes

No findings; I'm usually pretty good with identifying crap and removal. I've reset browsers to default, cleared caches, and ran virus scans via safe mode.
Out of options
 

Did you try adwcleaner from Bleeping Computer?
 

tried adware now

It found some things and removed them...stuff like search conduit, which I think were old entries from a long time ago.
After reboot; adware scan says clean.
Funny thing I've noticed: even though my homepage comes up fine for now, if I type http://yahoo.com in the web address bar, I receive that annoying Adobe update page... so the problem still exists.

I'm not sure if this is external DNS (a router problem) or internally manipulated DNS (my system infected).
 

~~~
...the home page (google.ca) loads to an adobe update page that insists on having me download an exe for update.
~~~
I did solve this by ipconfig /flushdns on both pc's and rebooting the router.
~~~
I would be tempted to go ahead with the download and then upload it to virustotal... but that is just me. You might not feel comfortable doing that.

You can disable the service named DNS Client on XP and W7. You will never miss it. Then there will be no DNS cache to be poisoned or flushed. It is not the kindest thing to do to your DNS provider, but it should not cause any problems while you are troubleshooting this issue. You might also consider pointing your DNS to OpenDNS.

If the redirects still happen while the DNS Client is disabled, then you might want to consider scanning the computers while the operating system is not running (offline): What is Windows Defender Offline?

Sometimes these offline scanners take a while - so plan to run them overnight.


I don't pretend to understand the output of the command...
nslookup -d google.ca
...but you might want to compare that info when the redirect is and is not happening.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
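
The comparison suggested in the post above, as an added example that is not part of the thread: it parses two plain `nslookup google.ca` captures, one from the router's resolver while the redirect is happening and one from OpenDNS, and lists what differs. The captures, their addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample captures (documentation-range answers, not real lookups).
# DURING: `nslookup google.ca` via the router while the redirect is happening.
DURING = """Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    google.ca
Address:  203.0.113.45
"""
# REFERENCE: `nslookup google.ca 208.67.222.222` (OpenDNS) at the same moment.
REFERENCE = """Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    google.ca
Addresses:  2001:db8::2003
          198.51.100.10
"""
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_nslookup(text):
    """Return (resolver, answers) from plain nslookup output."""
    resolver, answers, seen_name = None, set(), False
    for line in text.splitlines():
        if line.strip().startswith("Name:"):
            seen_name = True  # addresses from here on are answers
        for token in line.split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # labels such as "Address:" or host names
            if seen_name:
                answers.add(addr)
            elif resolver is None:
                resolver = addr  # first address printed is the resolver
    return resolver, answers

def compare_captures(suspect, reference):
    """List reasons the suspect capture deserves a closer look."""
    s_res, s_ans = parse_nslookup(suspect)
    r_ans = parse_nslookup(reference)[1]
    findings = []
    if r_ans and s_ans.isdisjoint(r_ans):
        findings.append(f"{s_res}: no address in common with the reference resolver")
    findings += [f"{a}: LAN or loopback address for a public name"
                 for a in sorted(s_ans, key=str) if any(a in n for n in LAN_NETS)]
    return findings
```

Large sites legitimately hand different addresses to different resolvers, so a mismatch is a lead to confirm (for example by checking which certificate the address serves over HTTPS), not proof of poisoning.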
~~~
I'm not sure if this is external dns (a router problem) or internally manipulated dns (my system infected)
Can you test without the router turned on?
e.g. plug one computer directly into whatever jack the router normally connects to.
 

Another suggestion.
Go to Adobe's website and check and see if you need Adobe updated.
If you need an update, take it.
You will notice that during updating Adobe gives you a choice whether you want further updates auto, remind me of updates, etc. Select which one.

If you select remind me, you will keep getting the reminder until you update.

Another place to look is msconfig Startup and Services, and see if you have Adobe Updater check-marked.
 

I'm an IT specialist fyi

Adobe updates prompt for update by application windows only!; not web pages.
Msconfig has been explored; no changes.
I'm stumped. System seems to function correctly on all levels except for the stated issue.
 

Did you check with the Adobe site and see if you need the Adobe update??
I'm not an IT specialist; may I still make suggestions?
 

layback bear,

Yes; am thankful for your suggestions. Did not intend on sounding rude.
 

Maybe try the adware cleaner and junkware removal tool in the following link. It does sound like the browser is being redirected and we all know what that means. :sarc:

Mini Tool Test for pchf
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home built
OS
Windows 7 Ult, Windows 8.1 Pro,
CPU
Q9650-4.275GHz, E8600 4.5GHz, E6750-3.8GHz
Motherboard
Evga 780i FTW
Memory
G.Skill PC2 9600 1200Mhz 5 5 5 15 2T
Graphics Card(s)
GTX480
Sound Card
Asus Xonar D2
Monitor(s) Displays
HannsG
Screen Resolution
1680X1050
Hard Drives
GSkill Phoenix Pro 120GB SSD
PSU
ThermalTake Toughpower 1000Watt modular
Case
ThermalTake XaserV
Cooling
Xigmatek S1283
Keyboard
Logitech G15
Mouse
Logitech G9
Internet Speed
T1
It sounds like a hijacked browser...

1. Verify that your browser is updated...
2. Disable your add-ons

An easy way to verify this is by installing another browser like Chrome, then navigating to your usual Google and testing. If everything is normal, then it is your browser that is hijacked... :eek:
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio
OS
Win7Pro64